SSH_PRIVSEP_USER configurable at runtime?

Damien Miller djm at mindrot.org
Tue Apr 1 14:46:29 EST 2014


On Mon, 31 Mar 2014, Corinna Vinschen wrote:

> For instance, assuming you have a domain member machine MACH103, which
> is a member of the domain DOM1.  Assuming the machine as well as DOM1
> and another domain, DOM2, all have a user called "sshd", the automatically
> generated Cygwin usernames will be
> 
>   MACH103+sshd     for the local account
>   sshd             for the account in domain DOM1
>   DOM2+sshd        for the account in domain DOM2.
> 
> Additionally, the admin can decide if the domain name gets prepended
> every time, which results in "DOM1+sshd" as username in DOM1, and the
> domain separator character can be chosen freely as well, for instance
> a backslash (MACH103\sshd).
> 
> With domain names being part of the username, this allows for so many
> variations of the actual username, that a fixed name "sshd" or just
> a compile time option will become a problem.
> 
> Any chance to get such a sshd_config option?

I'm really loath to add an option for this. Is there any way that
sshd could figure out which account automatically? e.g. by having
ssh-host-config ensure that ${machine}/sshd exists and is appropriately
configured.

-d


More information about the openssh-unix-dev mailing list